The snooping dragon: social-malware surveillance of the Tibetan movement

Shishir Nagaraja of the University of Illinois at Urbana-Champaign and Ross Anderson of Cambridge University have published a very interesting paper called “The snooping dragon: social-malware surveillance of the Tibetan movement” (abstract, full report) on how agents of the Chinese government managed to infiltrate the computer network of the Dalai Lama’s organisation through ingenious social engineering and gain access to intelligence information that could lead to peoples arrest and possible execution.

It’s a very interesting report and points out that the techniques used are within the reach of motivated individuals as well as government intelligence agencies and ponders how much less well known organisations can cope with such attacks; it also lends weight to the sage advice offered in Ross Andersons “Security Engineering” book. Both are well worth a read, even for those of us whose network security is not a literal matter of life or death.